Endpoint Security Controls and the Insider Threat
At your financial institution, what would you consider as your worst threat for data loss? Hackers? Let's face it, everyone who is trying to breach your defenses really just wants to join those insiders who are already running amuck on your network. If you're not cognizant of the insider threat in your institution, you will need to rethink your security strategy.
Knowing where and when your employees are accessing data means watching your endpoints. Endpoint controls can play a key role in preventing or reducing the insider threat, says Ari Tammam, an information security company executive. Financial institutions are doing a better job than many other companies because of the regulatory compliance that goes along with being a financial institution, but the threat is still present.
The CSI/FBI reports in recent years have all pointed to the fact that most attacks are coming from inside the network. Tammam, the channel vice president at Promisec, pointed to one of the FBI insider threat studies and noted, "Some endpoints are overlooked. Financial institutions are more conscious of endpoint security, but they still have to give their employees some leniency in order to get their jobs done. The trick to detecting insider fraud is to look at not just what they're opening and looking at in documents, but the context of what they're doing with that information," he said. "Realize every institution has a set of user rules (or acceptable use policy) that must be enforced and repeated to the employees, so they know absolutely where they can and cannot go."
The best example for a financial institution's "unknown" endpoint is the wireless network running outside of the institution, but which can attract endpoints that are left on by default, on laptops or other devices that are also connected to the institution's network. "Therefore it opens the institution's network to the possibility of data leaving the institution, absolutely without anyone knowing that it's going out," he explained.
Other endpoints that may not be secured at financial institutions and could make a network vulnerable include the mobile devices that management and bank executives rely on, including PDAs. "These aren't new to institutions, and most are now adequately protected. An institution will decide on a single type of device, and standardize the security protocols to protect it, and won't allow any others to operate on their network."
Shared folders, on the other hand, have a great potential for compromised data, he said. "For large projects, it's easy to have information in shared folders; it facilitates information flow." But as sure as that flow begins, it's hard to stop. "What if you accidentally save some sensitive or classified information to that shared folder, and that's just by technical or human error, not intentional? But now it has been made available to everyone," Tammam said, adding that a recent example, in which military information about a U.S. missile defense system was leaked out in Japan, was the latest in the data breach brigade marching out on endpoints. (Whether this breach was accidental, in that the wrong file was copied, or intentional is still under investigation by both U.S. and Japanese officials.)
Tammam recommended institutions run audits on their networks on a regular basis to find the hidden endpoints and other vulnerabilities that are on it, and with the findings of those regular audits also stress awareness/education of the institution's staff to avoid future security compromises.